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Disclaimer: 

The  term  ABC  used  in  this  paper  does  not  refer  to  and  does 
not  have  any  association  with  the  CBSA’s  Automated  Border 
Clearance  program  and  is  used  solely  in  reference  to  a 
general  system  that  performs  automated  clearance  of 
travellers  at  the  border. 

The  terms  eBorder,  ePassport,  eGate  used  in  this  paper  do 
not  refer  to  and  do  not  have  any  association  with  any 
particular  national  program  or  deployment  and  are  used 
solely  in  reference  to  a  general  automated  border 
control/management  infrastructure. 
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Outline 


CBSA  ASFC 


1 .  CBSA  Context  -  DRDC  CSSP  Project 

2.  Quick  scan  of  issues  with  existing  systems: 

-  Case  Study  1:  eGates  (EU) 

-  Case  Study  2:  RTP  kiosk  (UK  IRIS) 

-  Lessons  learnt 

3.  Evolution  of  biometric  border/access  control  systems 

•  Three  generations  of  ABC 

4.  Concept  of  Degraded  Performance 

5.  Concept  of  Air  T raveller  Continuum  and  eBorder 

•  Key  components  of  eBorder 

6.  Formalized  definition  of  ABC 

-  ABC  as  evidence  accumulating  machine 

-  ABC  modeling  for  Cost-Benefit  /  Performance  /  Risk  analysis 
Conclusions 
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CBSA  context  -  Technologies  for  Air  Travel 


CBSA  ASFC 


•  Manual  Primary  Inspection  Lane  (PIL) 

•  TTP  (Nexus):  iris  biometric  kiosks 

•  TRBP:  fingerprints  for  temporary  residents 

•  ABC  self-service  declaration  kiosks 

+  ePassports  (since  2013) 

+  Passport  readers  for  check-in  (by  Air  Lines) 

•  Looking  into  the  Future 
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4.  Dmitry  Gorodnichyet  al.  “ABC  as  part  of  eBorder1'  (NIST  IBPC  2014) 


CSSP-201 3-CP-1 020 


Objectives: 

1.  Perform  a  benefit-risk  analysis  for  ABC  systems 

2.  Determine  a  taxonomy  of  ABC  systems 

3.  Develop  a  taxonomy  of  vulnerabilities  and  attacks 

4.  Identify  technologies  and  procedures  to  secure 
biometric-based  techniques 

5.  Generate  protocols  for  rules  and  restrictions 
related  to  the  testing/validation  of  ABC  systems 


Risk  analysis  of  face  and  iris  biometrics 
in  automated  border  control 
applications  (“RA-ABC”  Project) 

Lead  Organization:  CBSA 
Partnership:  University  of  Calgary 
Start-End:  June  3,  2013  -  March  31,  2015 
Funded:  DRDC  Center  for  Security  Science 

Canada  Safety  and  Security  Program 


Outcomes  to  date: 

•  “Automated  Border  Control  machines: 

Overview,  trends,  and  challenges” 

•  “ABC  systems  as  part  of  eBorder  process” 

•  “Automated  Border  Control  machines: 

Taxonomy  of  deployment  scenarios” 

•  “Risks  Evaluation  for  Biometric-based 
Automated  Border  Control  Machines” 

•  “Biometric-Based  Authentication  Profiler” 


Canada 


Quick  scan  of  issues:  EU  eGates 

CBSA  ASFC 

Performance  in  Germany:  *  =  500  users  passing  through  EasyPASS  per  da^ 
(M.  Nuppeney,  “Automated  Border  *  88%  success  rate 

Control  based  on  (ICAO  compliant)  <  border  crossing  without  manual  interaction 

eMRTDs”,  NIST  IBPC,  2012)  -  12%  operational  reject  rate 

«•  additional  manual  inspection  by  border  guard 
>*  =  5%  rejected  due  to  face  verification  failed 
>»  @  0,1%  FAR  (False  Accept  Rate) 

*  25  7%  rejected  by  the  system  due  to  other  reasons 
<*  non  compliant  user  behaviour 

-  document  check  failed 

-  hits  from  background  database  checks 


Note:  1  in  8  (12%)  is  rejected. 

•  did  not  understand  or  missed  logistical  signs 

•  did  not  know  or  forgot  what  kind  of  passport  they  hold 

•  did  not  follow  instructions  of  the  document  reading  machine, 

•  were  in  some  other  way  imperfect  subject  for  database  processing 
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Quick  scan  of  issues:  EU  eGates  (cntd) 


Performance  in  Spain: 

(D.Cantarero  et  al.  A  multi-modal  biometric  fusion 
implementation  for  ABC  Systems  .  2013  European 
Intelligence  and  Security  Informatics  Conference) 


Note:  variation  in  performance 

•Quality  of  biometric  document  ? 

•User  experience  ? 

•Difference  in  designs? 

•“Doggington  zoo”  ? 

•Language  ?  Duration  of  travel  (Fatigue)  ? 

Note:  transaction-based  metrics  used 

•Number  of  users  need  to  be  reported  ! 


TABLE  II.  4 MONTH  STATISTICS  OF  THE  ORIGINAL  DEC LSH 


Cu  Hill  TV 

Tufal  ABC 

USUJ-iC 

Glubal 
metric  FRR 

Facial  FRR 

AUT 

215, 

r  5.12%S 

5.12% 

BEL 

531 

21.59% 

2 1 .59% 

BGR 

135 

3.73% 

3.73% 

CHE 

217 

5.09% 

5.09% 

CYP 

5 

0.00% 

0.00% 

CZE 

97 

10.53% 

10.53% 

D 

1,540 

10. 18% 

10. 18% 

DNK 

152 

13.16% 

13.16% 

ESP 

67,508 

16.40% 

13.34% 

EST 

15 

7.14% 

7.14% 

FIN 

155 

4.52% 

4.52% 

FRA 

2,687 

12.69% 

12.69% 

GBR 

10,9 14 

7.54% 

7.54% 

GRC 

187 

2.67% 

2.67% 

HUN 

70 

8.57% 

8.57% 

IRL 

749 

8.58% 

8.55% 

EL 

10 

0.00% 

0.00% 

TTA 

2,757 

15.79% 

(5.79% 

LIE 

I 

0.00% 

0.00% 

LTU 

56 

8.93% 

8.93% 

LUX 

13 

0.00% 

0.00% 

LVA 

56 

1.79% 

L  .79% 

MLT 

10 

10.00% 

10.00% 

NLD 

990 

13.54% 

13.54% 

NOR 

97 

16.49% 

16.49% 

POL 

214 

10.33% 

10.33% 

PRT 

2,172 

5.45% 

5.45% 

ROU 

367 

7.42% 

7.42% 

SVK 

49 

14.29% 

14.29% 

SVN 

40 

10.00% 

10.00% 

SWE 

397 

7.61% 

7.61  % 

TOTAL 

12.32% 
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Quick  scan  of  issues:  UK  IRIS 

Due  to  be  closed  down...  Six  reported  reasons: 

1.“... passengers  often  spent  longer  being  scanned  by 
the  machines  than  when  they  went  through  traditional 
passport  control...” 


CBSA  ASFC 


2. “...it  emerged  that  up  to  1  in  10  travellers  were  wrongly  rejected  by  the 
scanners,  and  then  had  to  wait  for  manual  checks  to  get  through  passport 
control...” 


3.  “...an  increasingly  large  number  of  people,  who  are  clearly  not  registered  for 
IRIS,  try  to  use  the  gates  and  then  fail...” 

4.  “...whilst  iris  images  are  a  secure  biometric,  they  are  not  included  in  e-passports, 
which  contain  face  (and  fingerprint)  data... 

5.  “...The  money  would  be  better  spent  employing  more  trained  staff... 

6. “. ..Technologies  have  a  finite  lifetime. ..” 

[1]  A.J.  Palmer,  C.  Hurrey.  Ten  Reasons  Why  IRIS  Needed  20:20  Foresight.  Some  Lessons  for  Introducing 
Biometric  Border  Control  Systems,  2012  European  Intelligence  and  Security  Informatics  Conference 

[2]  http://www.dailvmail.co.uk/travel/article-2102489.  https://aftermathnews.wordpress.com/2012/02/28 
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Quick  scan  of  issues:  UK  IRIS  (cntd) 


CBSA  ASFC 


Critical  Observation 

Q553  Dr  Turner:  Can  you  give  me  your  views ,  please,  on  the  risks  involved  in  this 
project  [IRIS],  and  do  you  think  that  the  Home  Office  has  considered  them  seriously 
enough  ? 

Dr  Mansfield:  The  risks  I  woutd  say  are  probably  because  ir  is  a  very  large 

project r  a  very  large  procurement,  of  which  biometrics  is  just  one  small  part  There 
seems  to  have  been  a  focus  on  the  biometric  element  as  being  the  most  technical  and 
perhaps  least  understood  element  of  the  whole  scheme,  and  to  my  mind  assuming  that 
is  where  all  the  risks  fie  is  totally  incorrect . 

UK  Parliament,  Examination  of  Witnesses  (Question  540-559) r 
May  3 ,  2006  http:/ /www. parliament.  the- stationery- 
office.  co.  uk/pa/cm200506/cmselect/cmsctech/l 032/6050307 ..  htm 
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Conclusions  for  quick  scan 
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ABC  Performance  (Reliability,  Facilitation,  Cost)  = 

=  Function  (Technical  factors,  Non-technical  factors) 


•  Technical  factors  can  be  efficiently  controlled.  For  example: 

-  performance  of  deployed  recognition  algorithms  can  be  improved 

-  machine-human  interfaces  can  be  designed  with  abilities  to  adapt  to  the  user 

-  ergonomic  of  man-traps  and  e-gates  can  be  improved 

-  human  and  machine  operations  can  be  better  balanced 

-  airport  logistics  can  be  modernized 

-  border  officers  can  be  better  trained  to  deal  with  abnormal  situations 


•  Non-technical  factors  are  hard  or  impossible  to  control.  Include: 

-  social,  ethnic,  cultural,  religious, 

-  linguistic 

-  psychological, 

-  geographical  factors 
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Conclusions  for  quick  scan  (cntd) 


CBSA  ASFC 


•  A  substantial  percentage  of  failure  is  due  to  sources  of  risk  other 
than  those  related  to  the  biometric  recognition  performance 

•  Because  an  ABC  system  is  just  one  of  many  components  in  a 
complex  semi-automated  multi-component  border  crossing 
process,  any  failure  or  risk  related  to  the  deficiency  of  the 
biometric  recognition  can  be  mitigated  by  other  non-biometric 
means 


•4  concept  of  Evolution  of  ABC  Systems  and  their  Evaluation 
■4Three  Generations  of  ABC 

■4  performance  of  ABC  systems  can  no  longer  be  measured  in  terms 
traditional  metrics  /  curves  (ISO  SC  37) 

4  concept  of  Degraded  Performance 
4  concept  of  Air  Traveller  Continuum  (eBorder) 
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Evolution  and  Evaluation  of  ABC  Systems: 
from  Access  Control  to  eBorder  system 
A 


Complexity  of  human  factors: 
controlled  vs  uncontrolled 


ABC-ill  (eBorder  system) 

95%  traffic 

many  more  uncontrolled  factors 
many  more  non-biom.  components 


ABC-1  (RTP  kiosks) 

5%  traffic,  less  trained 
some  uncontrolled  factors 
biometric  components  mainly 
pre-cleared  (no  risk  assessment^ 


ABC-II  (elD-based  eGates) 

20-50%  traffic,  many  untrained 
many  uncontrolled  factors  ^ 
some  non-biometric  components 
risk  assessment 

/ 

/ 

/ 

/ 


Access  Control 
systems 

•  All  trained  users 

•  biometric  task  onl^ 


Complexity  of  system  components: 
biometric  vs.  non-biometric 


FRR/FAR 

(ISO  SC37  19795-5) 


FRR/FAR  (ISO  SC37) 
can  be  used 
but  not  sufficient 


i2h 

System  rates 
Degraded  performance 
Through  modeling  of  all  factors 
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“eBorder  Profiling” 

predict  performance 
through  modeling 
of  entire  eBorder  process 
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New  concept:  Degraded  performance  (DP)  cesfl  ^ 

Definition:  Degraded  performance  is  a  statistical  metric,  which  represents  the 
real  performance  of  the  system,  which  is  different  from  the  desired  performance, 
or  the  predicted  limit  of  the  performance. 

•  The  real  performance  is  always  less  than  the  desired  performance,  or  its  predicted  limit. 

•  It  is  difficult  or  impossible  to  estimate  the  contribution  of  different  factors  to  the  system 
performance  degradation. 

•  Reliability  of  the  ABC  can  be  measured  using  DP: 


ABC  ABC  Algorithmic 

degraded  biometric  biometric 

performance  performance  performance 


Performance  Performance 

Degradation  is  degradation 


25/10  =  2.5  40  /  25  =  1.6 

Performance  degradation 

k -  40/10  =  4.0  - H 

Definition:  DP  (ABC)  is  defined  as  the  ratio  of  travelers  for  whom  the  ABC 
machine  cannot  confirm  admissibility,  and  they  have  to  be  sent  to  the  manual 
control:  it  is  expressed  as  “1  in  M  travelers  is  directed  to  manual  control”. 
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DP:  Why  it  is  useful  _ u _ 

3  CBSA  ASF( 

•  It  carries  the  notion  of  the  system  potential,  ie  available  resource  (best 
possible  performance  that  can  be  achieved,  as  reported  in  literature) 

•  It  carries  the  notion  of  the  efficiency  of  utilization  of  a  potentially 
available  resource,  which  represents  the  degree  of  the  performance 
improvement. 

•  It  distinguishes  the  system  performance  and  the  biometric  performance 
in  terms  of  (a)  “1  in  M  is  wrongly  recognized”  vs.  (b)  “1  in  N  is  wrongly 
directed  to  manual  control”. 

•  provides  the  means  to  distinguish  the  controlled  and  uncontrolled 
factors. 


Level  of  degradation  is  a  difference,  or  ratio,  between  the  degraded 
performance  and  the  performance  of  the  biometric  recognition  algorithms. 
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DP:  examples  of  use 


CBSA  ASFC 


1.  State-of -Art  analysis: 

Contemporary  ABC  machines 

operate  at 

•  Degraded  Performance  = 

1  in  10  travelers  (1  :  10) 

2.  System  potential  analysis: 

All  deployed  ABC  machines  have 

good  resource  for  performance 

improvement: 

•  UK’s  IRIS  utilized  only  1/100  of  its 
resource 

•  EU  eGate  utilize  1/10  of  their 
potential  resource. 

•  Spain’s  ABC  machines  based  on 
fusion  of  face  and  fingerprint 
modalities  have  a  hundred  times 
more  resource. 


ABC  machine, 

ABC  machine 

ABC  machine 

Algorithmic 

country 

degraded 

biometric 

biometric 

performance 

performance 

performance 

UK[32],  [14] 

1:10 

1:50  (2%) 

1:1,000  a) 

Germany  [59] 

1:8 

1:20  (5%) 

1:100  b) 

Germany  [48] 

1:7 

1:20  (5%) 

7T 

o 

o 

Spain  [10] 

1:8 

1:20  (5%) 

1:100  d) 

Spain  [10] 

1:10 

1:25  (4%) 

1:1,000  e) 

Canada  [53] 

1:X 

1:X 

1:1,000  f) 

France  [63] 

1:X 

1:X 

1:1,000  9) 

IRIS  program  for  registered  travelers.  Performance  of  the 

iris  recognition  algorithm  is  expressed  by  FRR=0.1% 

FRR=1%  for  facial  recognition  algorithm 

FRR=1%  for  facial  recognition  algorithm 

FRR=1%  for  facial  recognition  algorithm 

total  FRR=0.1%  for  fusion  of  facial  and  fingerprint 

modalities 

NEXUS  ABC  machine  (Canada/U.S.)  for  registered 
travelers.  The  iris  recognition  algorithm  performance  is 
FRR=0.1% 

PARAFE  program  for  French  citizens  (without 
pre-registration).  The  fingerprint  recognition  algorithm 
performance  is  FRR=0.1% 


b) 

c) 

d) 

e) 
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DP:  examples  of  use  (cntd) 


CBSA  ASFC 


3.  Controllable  factors  of  degradation: 

A  lot  of  effort  was  undertaken  by  various  institutions  such  as  NIST  and  ISO 
to  improve  the  design  and  performance  of  the  biometric  recognition 
algorithms. 

However,  one  can  observe  that  improving  recognition  algorithms  does  not 
necessarily  result  in  performance  improvement. 


4.  Uncontrollable  factors  of  degradation: 

International  community  (ICAO,  IATA,  FRONTEX  )  demonstrated  efforts  to 
combat  the  increasing  number  of  uncontrollable  factors. 

Additional  study  in  various  non-technical  fields  is  needed  in  order  to  shift 

the  weight  of  the  non-technical  factors  contributing  to  performance 

degradation,  into  the  technical  factors  that  can  be  controlled  much  easier 
than  the  other  ones. 
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“eBorder”  concept 


CBSA  ASFC 


•  Term  used  by  the  Home  Office  (UK) 

•  Also  known  as  Smart  Borders  or  Border  of  the  Future  (Frontex,IATA,ICAO) 

Definition:  eBorder  =  automated  border  control  and  management, 

specifically  for  Air  Mode  of  transportation  (Air  Traveller  Continuum) 

The  key  task  of  eBorder :  to  expedite  the  traveler’s  passage  and  improve  the 
border  security  through  automation  of  traveller  clearance  process*. 

Two  traveller  clearance  functions  : 

1 .  traveler  authentication  -  “Who  are  you?” 

2.  traveler  risk  assessment/ screening  -  “What  is  your  risk  factor?” 


ABC  machine  is  main  component  in  this  e-Border  task. 
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eBorder  (Air  Traveller  Continuum)  _ . _ 

v  '  CBSA  ASFC 


Pre-screening 

technologies 


Screening  and  clearance  technologies 


Key  eBorder 
components: 

1:  “Three-lane”  risk-based  processing 

II:  manual  behavior  screening 

III:  automated  behavior  screening 

IV:  automated  queuing 

V:  biometric  systems  (ABC):  Gen-1,  Gen-2,  Gen-3 

o 
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Key  components  of  eBorder 


CBSA  ASFC 


I:  “Three-lane”  risk-based  processing 

Many  topologies  possible  (inc.  RTP) 


II:  Non-automated  behavior  screening  (SPOT) 
III:  Automated  behavior  screening  (AVATAR) 


IV:  Automated  queuing  (APC/ABC  kiosks) 

V:  Biometric-enabled 

traveller  clearance  systems  (ABC) 
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Key  components*  of  eBorder  (cntd) 


CBSA  ASFC 


Traveller 

Pre-screening 

“Three-lane”  (three-level) 
risk-based  processing 

Non-automated 

behavioural 

screening 

Automated 

behaviour 

screening 

Intelligent 

Queuing 

Biometric-enabled  traveller 
clearance 
(aka  ABC) 

Assign  a  risk  score  to  a 
traveller  based  on  the 
information  available  about 
the  traveller  prior  to  travel 
(credit,  criminal  history,  etc) 

The  initial  data  is  provided 
by  the  traveller  when 
buying  the  ticket. 

Divide  travelers  into  defined 
risk  categories:  Fast  clearance 
offer  low-risk  travellers  (“green 
“lane”).  Fast  referral  to 
secondary  inspection  for  high- 
risk  travellers  (“red  lane”).  Main 
clearance  effort  is  on  travellers 
of  unknown  risk  (“yellow 
“lane”).  Division  into  “lanes” 
can  be  topological  or  logistical, 
either  accelerated  by  traveller’s 
involvement  or  not. 

(No  technology  used. 
Based  on  human  skill 
only) 

Trained  Officers 
attempt  to  recognize 
terrorists  and  persons 
with  aggressive 
intentions 
among  travelers  by 
visual  observation. 

(Evolved  from  lie 
and  emotion 
detection) 

Detect  hidden 
human  intentions 
through  fusion  of 
multi-modal  and 
multi-band 
biometrics 
combined  with  Al 
decision  making 
dialog  tools 

Delegate  the 
upstream  border 
control  to  machines, 
and  the 

downstream  control 
to  border  officers 

Person-interaction  device  with 
decision  making  mechanism 
automates  traveller  clearance 
through  biometric 
authentication  and  risk 
assessment. 

Automates  two  tasks: 

-Traveller  authentication 
(identifying  a  person) 

-  Traveller  clearance  (deciding 
to  refer  the  identified  person 
to  Exit  or  to  manual 
Examination) 

Examples: 

US  (>2000):  Computer- 
Assisted  Passenger  Pre¬ 
screening  System  CAPPS, 
CAPPS-II,  Secure  Flight. 

EU,  UK  (>2004):  European 
External  Border 

Surveillance  System 

EUROSUR,  SEMAPHORE 

Examples: 

-  Single  physical  lane:  widely 
used  at  passport  control  as 
triaging-based  questions 

-  One  or  two  physical  lanes: 

RTP  programs 

-  Three  physical  lanes:  TSA 
Diamond  (by  traveller’s  choice) 

-  Two  physical  lanes: 

APC/ABC  kiosks  (by  traveller’s 
choice,  according  to 
citizenship) 

Examples: 

Israel,  Russia. 

US  (since  2003): 
Screening 

Passengers  by 
Observation 

Technique  (SPOT), 
DARPA  HumanID 
project 

Examples: 

US  (2006):  FAST 
US,EU  (2013): 
AVATAR  kiosks 

Examples: 

US,  Canada: 
Deployed  in 
Vancouver, 

Montreal,  Toronto, 
and  Chicago 
International 

Airports  using  self- 
service  automated 
passport  /  border 
clearance 
(APC/ABC)  kiosks 

Gen-1  ABC:  RTP-based 
(since  2002) 

Examples:  UK:  IRIS. 

Netherland:  PREVIUM. 

Canada:  NEXUS. 

Gen-2  ABC:  elD /  ePassport 
based  (since  2006) 

Examples:  EU,  Australia 

Gen-3  ABC:  future  machine 
of  eBorder  (2020) 

*  Each  of  these  components  contribute  to  the  decision  in  Gen-3  ABC  system 
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Three  generations  of  ABC 


CBSA  ASFC 


The  e-border 
technologies 


*  ABC-1 


ABC-II 


ABC-Ill 


-> 


j 


K 


V 


J 


From  the  registered  From  local  ABC 

travelers  to  clusters  to  global 

e-passport  h  old  ers  n  etv\o  ric  s 


•  Gen-1  ABC  (RTP-based):  Nexus,  IRIS,  PRIVIUM  >  2002 

-  Defined  by  each  state 

•  Gen-2  ABC  (ePassport/elD-based):  EU  eGates  >  2006 

-  Defined  by  each  state  with  common  guidance 

•  Gen-3  ABC:  machine  of  future  eBorder  >2020 

-  No  formal  definition,  yet  discussed  in  ICAO,  Frontex  roadmaps 
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Definitions:  Gen-1  ABC  and  Gen-2  ABC  „  „  _ _ 

CBSA  ASFC 

Definition  1  [IATA]:  (for  registered  travelers):  “The  ABC  is  an 
automated  border  control  system  that  either  authenticates  the 
travel  documents,  tokens  or  permits,  or  denies  admission  to  a 
traveler  according  to  some  pre-established  specifications.  ” 

-  The  ABC  may  additionally  verify  a  passenger  biometric  data  against 
the  travel  document  and/or  token,  or  a  pre-existing  database, 
containing  biometric  data. 

Definition  2  [FRONTEX]  (e-passport/e-ID  holders):  “The  ABC 
machine  is  an  automated  system  which  authenticates  the  e- 
MRTD  (Machine  Readable  Travel  Document),  establishes 
whether  the  traveler  is  the  rightful  holder  of  the  document, 
queries  border  control  records  and  automatically  determines 
eligibility  for  border  crossing,  according  to  certain  pre-defined 
rules” 

-  Biometrics  authentication  required  by  definition 
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Definition:  Gen-3  ABC 


CBSA  ASFC 


Definition  3:  ABC  is  the  system  that  satisfies  the  following 
properties: 

•Property  1:  It  makes  use  of  the  entire  airport  infrastructure  and  related 
processes. 

•Property  2:  It  is  a  large-scale  system. 

•Property  3:  It  performs  authentication  of  travelers. 

•Property  4:  It  is  a  semi-automated  system  that  operates  under  supervision 
of  a  border  officer. 

•Property  5:  It  is  a  risk  assessment  system  that  analyzes  available 
information  about  each  traveler  and  assigns  him/her  a  risk  factor. 

•Property  6:  It  is  a  machine  that  automatically  communicates  across  the 
data  network  with  other  ABC  machines  and  eBorder  components. 

NB:  extends  ABC  from  Point  solution  to  Air  Continuum  solution. 
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Why  such  formalization  ? 

CBSA  ASFC 

•  It  allows  to  define  ABC  as  Evidence  Accumulation  machine 


It  allows  to  profile  and  assess  risks  of  present  and  future 
ABC  systems  through  modeling,  which  can  be  used  for: 


Training 

Cost-Benefit  Analysis 
Risk  analysis  and  risk 
mitigation  strategies 
Performance  evaluation 


ABC  Profiler: 

-  Methodology  &  software 
for  predictive  analysis  of 
eBorder  deployment  and  exploitation 


Profiling 

technologies 


Profiling  and  clearance  technologies 
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Conclusions 


CBSA  ASFC 


•  Three  generations  of  ABC  established 

•  T axonomy  of  the  eBorder  components  developed 

•  Limitations  of  standard  evaluation  practices  examined 

•  Two  ways  of  describing  the  ABC  performance  proposed: 

-  Degraded  performance 

-  Through  modeling  of  ABC  as  an  evidence  accumulating  machine  of 
the  eBorder  process  within  Air  Traveller  Continuum 

•  Next  steps: 

-  Establish  ABC  model  for  each  country’s  Air  Traveller  Continuum 

-  Based  thereon,  develop  and  apply  ABC  Modeler  (software  and 
methodology)  to  analyse  the  risks  and  mitigation  factors  of  ABC  as 
part  of  the  entire  eBorder  process 

Acknowledgements: 
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Supplement 


CBSA  ASFC 
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Architecture  of  ABC  machine 


CBSA  ASFC 


ABC  machine  is  viewed  as  a  decision  support 
assistant  which  includes: 

•  Traveller  Authentication  module: 

“ recognition  assistant”  performs  identity 
verification  using  the  biometric  modalities 
specified  by  the  e-passport, 

•  Risk  Assessment  module: 

“profiling  assistant”  performs  profiling 
function  using  all  available  sources. 

The  reports  provided  by  these  assistants  are 
processed  using  the  principles  of  consolidated 
clearance  and  decision-making;  the  output  is  a 
recommendation,  which  is  a  final  by  default  (ie 
final  unless  overwritten  by  officer) 


This  corresponds  to  the  semi-  automated  principle  of  the  ABC  machine.  If  a  traveler 
has  been  directed  to  a  manual  check,  the  officer  uses  an  interviewing  technique  which 
can  be  supported  by  a  behaviour  assistant . 
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Example:  ABC  Profiler  for  modeling  Mantrap- 1flSfc 


Table  1 .  Library  of  modelling  modules  for  authentication  task. 


MODELING  MODULE 

STATE  VARIABLES  AND  INITIAL  DATA 

1. 

e-passport 

Security  features,  chip-optical  data  crosscheck,  watchlist.  verification,  manual  check. 

2. 

Facial  verification 

Recognition,  e-passport  holder,  number  of  attempts,  watchlist.  risk  factor,  manual  check. 

3. 

Pre-screenm 

Risk-factor,  aiiport  surveillance.  API  (advanced  passenger  mfomiation).  watchlists. 

4. 

Pre-logistics 

Signs,  e-passport  holder,  surveillance,  risk-factor,  behavior  (geography,  ethnic)  factor 

5. 

Manual  check 

Machine  assistance,  risk-factor,  behavior  factor,  interviewing,  decision  support,  making. 

6. 

Logistics  attack 

Topology,  queuing,  risk-factor,  impostor/terrorist,  behavior  factor,  surveillance. 

7. 

Mantrap  attack 

Single  traveller  detector,  baggage  detector,  risk-factor,  behavior  factor,  topology. 

8. 

Authentication  attack 

e-passport  attack,  plastic  surgery,  make-up  detection,  verification,  manual  check,  risk-factor 

9. 

Watchlists 

Searching  tune,  combmed  database,  nsk-factor.  updating,  manual  check,  decision-making. 

10. 

Training  personnel 

Personal  skills  degradation  factor,  decision-making /support,  human-machine  collaboration. 

E"*V  Queue 


Figure  4.  The  mantrap  structure  with  direct-reverse  entry  and  two 
exits. 
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Example:  ABC  Profiler  for  modeling  Mantrap-  2fl 


Stale  variables  The  Bayesian  network  of  a  simplified 
mantrap  component  of  the  ABC  machine  is  given  in  Fig.  5. 

The  variables  that  are  used  in  the  network  in  Fig. 5  are: 

•  He  {hi, hi},  hi  =  yes.  h2  =  uo.  deuotes  whether  or 
not  the  customer  is  an  e-passpon  holder. 

•  A  e  {01,02,03,04}  represents  a  simplified  authenti¬ 
cation  procedure  that  includes  e-passport  check,  verifi¬ 
cation.  and watchlist check:  ai . 02,  and 03.  correspond 
to  the  1  st.  2nd,  and  3rd  attempt,  and  « ,  denotes  the  au¬ 
thentication  failure.  Note  if  the  traveller  does  not  hold 
an  e-passport  ( H  =  hi),  then  the  authentication  will 
always  fail  ( A  =  o4). 

•  Me  {mi, m2}  deuotes  whether  or  not  the  traveller 
is  redirected  to  the  manual  check,  where  mi  =110  di¬ 
alogue  with  the  border  agent  and  m2  =  regular  dia¬ 
logue  with  the  border  agent.  If  a  traveller  does  not 
hold  an  e-passpon  (//  =  h2),  or  has  failed  authentica¬ 
tion  (A  =  n.|).  then  they  are  automatically  subjected  to 
a  regular  dialogue  with  the  border  agent  (A/  =  m2). 

•  E  e  {e  1 .  c2  }  denotes  whether  or  not  the  traveller  is  au¬ 
thorized.  ci  =  successful  exit.  C2  =  blocked  by  security. 

Any  traveller  that  has  been  exempt  from  dialogue  with 
a  border  agent  (M  =  mi)  is  automatically  cleared  to 
leave  the  crossing  (E  =  ei). 

•  W  e  {  w  1 ,  ti>2 ,  1U3  }  denotes  the  wait  time  for  the  trav¬ 
eller.  u'i  =  a  wait  time  is  less  than  10  min.  W2  =  a 
wail  time  of  more  than  10  uiin.  and  w3  =  uo  authoriza¬ 
tion  given  during  an  allowed  attempt  time.  A  traveller 
waits  (W  =  w.'3)  if  he  she  failed  to  cross  the  border 
(E  =  e2). 

The  joint  probability  distribution  for  the  Bayesian  network 
is:  P(H.A.M,E,W)  =  P(H)xP(A\H)xP(M\H,A)x 
P(E\A,M)  x  P(W\M,E).  PR 
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Figure  5.  A  simplified  Bayesian  netw  ork  that  models  the  mantrap 
component  of  an  ABC  machine.  The  conditional  probabilities 
here  were  chosen  reasonably  closed  to  the  reported  border  cross¬ 
ing  statistics. 


Example:  ABC  Profiler  for  modeling  Mantra^-3 flSFfi 

: .1 — *  Specifically,  the  risk  (mea¬ 
sured  m  a  probabilistic  metric)  that  the  e-passpoit  holder  is 
waiting  for  more  than  10  min  (W  =  w\)  after  the  first  ( A  = 
ax),  the  second  ( A  =  a2),  and  the  thud  ( A  =  a3)  attempt 
is  Risk(tr;i|/ii,ai)  =  1  —  p(wi\hi,  a\)  =  1  —  0.895  = 

0.105, 

Risk(n;i|/ii,  a2)  =  1  —  p(iui|/ii,a2)  =  1  —  0.890  = 

0.110, 

Risk(rt;1|/i1,  a3)  =  1—  p(wi\hi,  a3)  =  1—0.885  =  0.115, 
respectively.  The  risk  of  waiting  for  more  than  10  min.  if 
the  automated  authentication  failed,  increases  significantly: 

Risk(n;i|/ii,  a^)  =  1  —  p(w\\h\,  a^)  =  1  —  0.2400  = 

0.760. 

Table  2.  Risks  of  border  crossing  wait  time  >  10  minutes  using 
ABC  machine  after  the  traveller’s  first,  second,  and  third  attempt 
to  interact  with  authentication  devices,  as  well  as  failed  all  three 
attempts. 


Authentication  attempt 

1st 

2nd 

3rd 

Failed 

Risk  (probability)  of 
border  crossing  wait 

0.105 

0.110 

0.115 

0.760 

time  >10  minutes 
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